{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 beautiful° 的问题《spring security 3.2.0 csrf token not working in fr》','https://www.manongdao.com/q-578151.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
After uprading to Spring Security 3.2.0 and configuring the xml, the _csrf token is not working.
Fundamentals:
- Spring 4.0.1
- Spring Security 3.2.0.
- Freemarker Template Language
Step 1 - the spring security xml configuration:
<!-- enable csrf protection via csrf-element -->
<sec:http>
<!-- -->
<sec:csrf token-repository-ref="csrfTokenRepository" />
</sec:http>
<!-- rewrite headerName -->
<bean id="csrfTokenRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
<property name="headerName" value="X-SECURITY" />
</bean>
Step 2 - the freemarker template:
<form accept-charset="UTF-8" action="/portal" method="POST" name="formAddItemToCart">
<!-- ... -->
<!-- inlcude csrf token -->
<input type="hidden"
name="${_csrf.parameterName}"
value="${_csrf.token}"/>
</form>
Step 3 - the rendered output:
<form accept-charset="UTF-8" action="/portal" method="POST" name="formAddItemToCart">
<!-- ... -->
<input type="hidden" name="" value=""/>
</form>
Step 4 - the freemarker template error:
FreeMarker template error:
The following has evaluated to null or missing:
==> _csrf [in template "cart.ftl" at line 28, column 21]
Reference: http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#csrf
Currently i'm debugging the whole application.
I don't know where exactly the problem is - but it seems that csrf isn't working with freemarker. Is this generally possible to include the csrf token in the freemarker template? Do you have any suggestions or solutions?
UPDATE:
xml configuration was not made properly. I've found this solution which helps me lot. https://github.com/spring-projects/spring-mvc-showcase/commit/361adc124c05a8187b84f25e8a57550bb7d9f8e4
Now my files look like these:
security.xml
web.xml